Stored XSS in profile activity feed messages
Medium
Rockstar Games
Team Summary
Official summary from Rockstar Games
The researcher was able to demonstrate a Stored XSS vulnerability in the Profile and Crew Feed endpoints. The exploit string worked because the researcher realized that certain obscure characters were not being converted to HTML entities properly. The exploit string was `†‡•<img src=a onerror=javascript:alert('hacked')>…‰€`. This behavior allowed the researcher to insert and run his own JavaScript. We were able to update our code to properly filter characters like the ones in the exploit string.
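The following regression check for the failure described in the summary is an added example, not Rockstar Games' code. `flawedEscape` is a constructed stand-in that assumes one possible cause (an encoder that gives up on input outside Latin-1), and every function and probe name is hypothetical.

```javascript
// Added example: all names are hypothetical, not Rockstar Games' code.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Hardened encoder: every markup-significant character is replaced,
// whatever characters surround it. Non-ASCII text passes through untouched.
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Constructed flawed encoder (assumed cause, for illustration only): it
// encodes input only when every character is Latin-1 and otherwise returns
// the input unchanged, so markup next to "obscure" characters survives.
function flawedEscape(input) {
  const s = String(input);
  for (const ch of s) {
    if (ch.codePointAt(0) > 0xff) return s; // gives up: output is unescaped
  }
  return escapeHtml(s);
}

// Regression check: run an encoder over probes that wrap markup in different
// character classes and name every probe whose output still has raw markup.
function findEncodingGaps(encode, probes) {
  const raw = /[<>"']/;
  return probes.filter((p) => raw.test(encode(p.text))).map((p) => p.name);
}

// Constructed probes; the first is the string quoted in the summary.
const PROBES = [
  { name: 'report-string', text: "†‡•<img src=a onerror=javascript:alert('hacked')>…‰€" },
  { name: 'ascii-only', text: '<b title="x">feed</b>' },
  { name: 'cjk-wrapped', text: '日本<i>x</i>語' },
  { name: 'astral-wrapped', text: '😀<u>x</u>😀' },
];

console.log('flawed encoder gaps:', findEncodingGaps(flawedEscape, PROBES));
console.log('hardened encoder gaps:', findEncodingGaps(escapeHtml, PROBES));
```

An ASCII-only test suite would pass the flawed encoder, which is why the probe set mixes character classes around the markup.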
Reported by: alexbirsan
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Bounty: $1000.00
Weakness: Cross-site Scripting (XSS) - Stored